rescript-compiler

Remove the unnecessary binaries after install

Open mununki opened this issue 3 years ago • 2 comments

Thank you for filing! Check list:

  • [x] Is it a bug? Usage questions should often be asked in the forum instead.
  • [x] Concise, focused, friendly issue title & description.
  • [x] A minimal, reproducible example.
  • [x] OS and browser versions, if relevant.
  • [x] Is it already fixed in master?
  • OS: macOS (M1)

There are unnecessary binaries after installation in the node_modules directory. AFAIK, most ppx packages which are shipped by npm are using a postinstall script to remove the unnecessary binaries after installation. Isn't it preferable to remove them for users? If you want me to add the postinstall script, I'll contribute it.


mununki, May 23 '22 01:05

@mununki This would be superseded by #6183.

cknitt, May 27 '23 19:05

Relying on postinstall scripts is not a good idea. Either for read/write. npm config set ignore-scripts true is a recommended setting for security reasons.

https://medium.com/cider-sec/npm-might-be-executing-malicious-code-in-your-ci-without-your-knowledge-e5e45bab2fed

cometkim, Dec 14 '23 07:12